Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
Registry Outreach Contractual Compliance| ICANN 53 | 25 June 2015
| 3
¤ Brief Update Since ICANN 52
¤ Registry Agreement Lessons Learned Summary ¤ Systems Update ¤ Communicating with Contractual Compliance ¤ Registry Metrics Update ¤ SLA Monitoring Proposed Changes
¤ Questions & Answers
Additional Slides Provided in Appendix:
¤ Audit Update ¤ RA Lessons Learned Guidelines ¤ Process Guidelines & Clarifications ¤ Policy Efforts ¤ Contractual Obligations Guidelines
Agenda
| 4
RA Lessons Learned Summary
Abuse Contact Data Required elements to be published 1
2
3
4
Zone File Access Requirements (CZDS) Reasons for denial of access
Controlled Interruption (CI) Complying with Name Collision Assessment Letter(s)
Uniform Rapid Suspension (URS) Complying with lock and suspension requirements
5 List of Registered Domain Names (LORDN) Clarifications on uploading LORDN files to the Trademark Database
| 5
Improvements based upon community & contracted party feedback: ¤ Include ticket IDs and standardize subject headings for closure notices ¤ Provide auto confirmation email to all responses received by ICANN
between 1st Inquiry/Notice and the closure notice ¤ Soft launch of registrar weekly report of open (and recently closed) tickets ¤ Email [email protected] to sign-up for the Compliance Weekly Report ¤ Add closure reason for complaint being closed for “ICANN issue” ¤ Ensure automated closure notices are sent to the proper contacts Other improvements: ¤ Integrate [email protected] into complaint processing system ¤ Automate sending anonymous complaints by masking reporter
information when requested ¤ Clarify and simplify wording in the communication templates ¤ Additional speed/automation improvements
Systems updates since ICANN 52
| 6
Tips for communicating with ICANN Contractual Compliance ¤ Whitelist emails from icann.org
¤ Check that your mail servers are not blocking emails from ICANN
¤ Reply to compliance notices ASAP and state what you are doing
¤ But no later than notice deadline
¤ Early response allows for follow up and collaboration if insufficient
¤ Do not change the subject lines in any way when responding to compliance notices
¤ Make sure response + attachments are less than 4 MB size total
Communicating With Contractual Compliance
| 7
Registry Metrics Update (January – May 2015)
Registry Complaints Quan3ty Received
Closed before 1st inquiry /
no3ce
ICANN Issue
ZONE FILE ACCESS 312 70 0
REGISTRY DATA ESCROW 133 2 3
SLA 101 51 0
REGISTRY OTHER 73 41 1 RESERVED NAMES/CONTROLLED INTERRUPTION 61 33 0
CODE OF CONDUCT 56 8 0
REGISTRY FEES 51 1 0
MONTHLY REPORT 33 2 0
ABUSE CONTACT DATA 24 8 0
BRDA 23 1 0
URS 20 15 0
BULK ZFA 15 1 1
RR-‐DRP 9 10 0
PIC 7 7 0
SUNRISE 7 6 0
MISCONDUCT 1 0 0
CLAIMS SERVICES 1 1 0
BANKRUPTCY 0 2 0
Total 927 259 5
Registry Turn Around Time (TAT) (in days) Avg TAT 1st NoLce 6.4 Avg TAT 2nd NoLce 6.1 Avg TAT 3rd NoLce 8.0
Formal No3ces Volume
Volume Breach 0
Volume Non-‐Renewal 0
Volume Suspension 0
Volume TerminaLon 0
| 8
Registry Complaint Types & Top Closure Reasons (January – May 2015)
DEA noLce fixed 64.3%
Ry Operator noLce fixed
12.2% Missed deposit
resumed 12.2%
1st deposit iniLated 10.2%
Invalid TLD 1.0%
Data Escrow
Ry Demonstrated Compliance
44.5%
Ry Fixed issue 34.0%
ZFA complaint incomplete
10.9%
Duplicate complaint (open) 9.2%
Duplicate complaint (closed) 1.3%
Zone File Access
| 9
Registry Complaint Types & Top Closure Reasons (January – May 2015)
Ry Fixed issue 48.8%
Blocked SLD Confirmed 27.9%
Ry Demonstrated Compliance
11.6%
Reserved Name protected
9.3%
Complaint outside of scope
(Ry) 2.3%
Reserved Names/ Controlled Interrup3on
Invalid TLD 75.0%
Requested evidence not provided 1.6%
Ry Fixed issue 23.4%
SLA
| 10
Registry Complaint Types & Top Closure Reasons (January – May 2015)
Invalid Ry 38.9%
Contact Data published 50.0%
Ry Fixed issue 11.1%
Abuse Contact Data
Ry Demonstrated Compliance
40.0%
Invalid Ry 30.0%
Ry Fixed issue 30.0%
Code of Conduct
SLA Monitoring Proposed Changes
| 12
Updates to SLA Monitoring Communications
Specification 10 of the Registry Agreement – EBERO Thresholds
¤ Currently: ICANN’s SLA Monitoring system sends automated alerts to Registry Operators when certain thresholds are met
¤ Registry Operators have been non-responsive/slow to respond
¤ Proposed: Additional communications sent to Registry Operators and Registry Service Providers that require acknowledgement
¤ SLA Monitoring alerts: emails and calls to Registry Operators and
Registry Service Providers at initial alert and 10%, 25%, 50%, 75% and 100% of threshold
¤ Compliance notices: escalated notice initially and breach notice at 100% of emergency threshold to Registry Operators
| 13
SLA Monitoring Communications: DNS-DNSSEC
Trigger: Communication type: Means: To RO Contacts:
Initial incident
Compliance Escalated Notice Auto Email + Efax + Call Email: Primary, Legal, Compliance, Technical, 3 Emergency contacts Efax: Compliance contact Call: Compliance contact
10%, 25%, 50% & 75%
Tech Svcs SLA Monitoring Alert
Auto Email + Auto Call Email: Primary, Legal, Compliance, Technical, 3 Emergency contacts Call: Any of 3 Emergency contacts
100% Tech Svcs SLA Monitoring Alert
Auto Email + Auto Call Email: Technical, 3 Emergency contacts Call: Any of 3 Emergency contacts
100% Compliance Breach Notice (upon validation)
Email + Efax + Courier + Web
Email: Primary, Legal, Compliance contacts Efax: Legal contact Courier: Legal contact Web: Breach published on icann.org
| 14
SLA Monitoring Communications: RDDS
Trigger: Communication type: Means: To RO Contacts:
10% Tech Svcs SLA Monitoring Alert Compliance Inquiry Notice
Auto Email + Auto Call Auto Email
SLA Email: Technical, 3 Emergency contacts SLA Call: Any of 3 Emergency contacts Compliance Email: Primary, Legal, Compliance contacts
25% & 50%
Tech Svcs SLA Monitoring Alert
Auto Email + Auto Call Email: Primary, Legal, Compliance, Technical, 3 Emergency contacts Call: Any of 3 Emergency contacts
75% Tech Svcs SLA Monitoring Alert
Auto Email + Auto Call Email: Technical, 3 Emergency contacts Call: Any of 3 Emergency contacts
75% Compliance Breach Notice (upon validation)
Auto Email + Efax + Courier + Web
Email: Primary, Legal, Compliance contacts Efax: Legal contact Courier: Legal contact Web: Breach published on icann.org
100% Tech Svcs SLA Monitoring Alert
Auto Email + Auto Call Email: Primary, Legal, Compliance, Technical, 3 Emergency contacts Call: Any of 3 Emergency contacts
| 15
To: [email protected] Subject line: ICANN 53 Registry Outreach Session
Send compliance questions
Questions & Answers
The ICANN 53 presentations are available at: - The outreach page at this link https://www.icann.org/resources/compliance/outreach - The ICANN 53 Schedule page at this link http://buenosaires53.icann.org/en/schedule-full for access to meeLng objecLve, audio and material by meeLng.
Appendix - Audit Activities Update - RA Lessons Learned Guidelines - Policy Update - Process Guidelines & Clarifications - Contractual Obligations Guidelines
| 17
New Registry Agreement Audit Program
¤ Launched another round in March 2015
¤ 11 Registries selected
¤ Scheduled to complete July 2015
¤ The audit report will be published in September 2015
What’s Next?
¤ Preparing for 2013 RAA and future rounds of the new RA audits Link to the ICANN Contractual Compliance Audit Page: https://www.icann.org/resources/pages/audits-2012-02-25-en
Audit Activities since ICANN 52
| 18
¤ Sample of 11 new gTLD Registry Operators selected for audit
¤ March 2015 RA Audit Outreach presentation can be found at this link: https://www.icann.org/resources/compliance/outreach
New Registry Agreement – March 2015 Audit
| 19
New Registry Audit – Preliminary Results
Issue Importance Variances or missing data in Data Escrow file vs. DNS vs. BRDA vs. zone file
Correct processing and maintenance of registraLon data is required for restorability and to protect consumers
Monthly reports: number of domains incorrectly reported
Inaccurate domain counts may result in incorrect reporLng to public and over or underpayment of fees
Abuse contact data: missing or incorrect Abuse contact data serves the community’s needs to report abuse
Orphan Glue Records: orphan glue records found in zone file
Orphan glue records are prone to be used for malicious purposes.
Registry-‐Registrar Agreements: required abuse provision missing
Contract language regarding abuse informs the community and promotes security
| 20
New Registry Audit – Preliminary Results
Issue Importance Business ConLnuity Plan does not exist or is not tested
To ensure that Registry operaLons will conLnue in case of failure of the main Registry system.
Instances of trademarked domains (covered labels) not included in LORDN file
Trademark owners are not informed about their trademark being registered
Registry stated that it will use only TMCH cerLfied Registrars; but some weren’t cerLfied
To ensure non-‐preferenLal treatment of Registrars
Security threats: technical analysis not performed
Technical analysis and threat handling procedures essenLal to idenLfying and addressing threats efficiently
| 21
Registry Agreement Provisions under Consideration
Registry Agreement Clause Audit Objective / Community Value
GENERAL REPRESENTATIONS AND COMPLIANCE WITH POLICIES
1
Article 1.3 Representations and Warranties. 1.3 (a) ii.
To confirm that Registry Operator is still in good standing since application process.
2
Article 2.2 Compliance with Consensus Policies and Temporary Policies
To obtain an assurance that Registries are complying with applicable Consensus Policies – UDRP; Registry Services Evaluation Policy and Added Grace Period
DATA ESCROW SPECIFICATIONS COMPLIANCE
3
Article 2.3 Data Escrow; Specification 2
To confirm that content of the escrow deposits are per the contract and Registries are in good standing with DEAs.
| 22
Registry Agreement Provisions under Consideration
Registry Agreement Clause Audit Objective / Community Value
COMPLIANCE WITH POLICIES & SPECIFICATIONS
4 Article 2.4 Monthly Reporting;
Specification 3
To confirm the monthly Per-Registrar Transactions Report accurately represents the number of active domains.
5 Article 2.5 Publication of Registration
Data (Whois); Specification 4 To confirm compliance with Specification 4 (specifically Sections 1.4 – 1.7).
6 Article 2.6 Reserved Names; Specification 5
To confirm that Names that Registry Operators are obligated to reserve are actually reserved.
7
Article 2.6 Specification 6. Name Collision Occurrence Assessment (Blocked Second Level Domain Names)
To confirm that names that Registry Operators are obligated to block are actually blocked.
| 23
Registry Agreement Provisions under Consideration
Registry Agreement Clause Audit objective / Community value
COMPLIANCE WITH POLICIES & SPECIFICATIONS
8 Article 2.7 Registry Interoperability and Continuity; Specification 6
To confirm that Registry Operators have BCP (Business Continuity Plan) and it includes key provisions. To confirm that Registry Operator addresses orphan glue records appropriately (according to Spec 6, 4.2).
9 Article 2.7 Specification 6, 1.5 IPv6 To confirm that Registry Operator is able to accept IPv6 addresses.
10 Article 2.8 Protection of Legal Rights of Third Parties - (TMCH) Sunrise & Claims Periods; Specification 7
To confirm that Registry Operator implemented and adhered to the rights protection mechanisms (“RPMs”) specified in Specification 7.
| 24
Registry Agreement Provisions under Consideration
Registry Agreement Clause Audit objective / Community value
COMPLIANCE WITH POLICIES & SPECIFICATIONS
11 2.14 Registry Code of Conduct; Specification 9 Parts A, B, D To confirm compliance with Code of Conduct.
12 Article 2.17 Additional Public Interest Commitments; Specification 11
To confirm that Registry Operator complies with its public interest commitments as incorporated into Specification 11 of the Registry Agreement.
13 Article 2.19 Community- Based TLDs Obligations of Registry Operator to TLD Community; Specification 12
To confirm that Registry has a written Registration Policy and complied with it.
14 Specification 13. BRAND TLD PROVISIONS; 5.1 (ii)
To confirm that only Registry Operator, its Affiliates, or Trademark Licensees register domain names and control the DNS records associated with domain names at any level in the TLD.
Registry Agreement Lessons Learned Guidelines
| 26
Required Elements to be Published & Guidance under Specification 6 ¤ Email address, mailing address and primary contact (may be role-based) ¤ On TLD’s webpage referencing abuse reports: ensure valid email address,
postal address and primary contact
¤ Many TLDs are publishing email address, but missing postal address and primary contact for reports by postal mail
¤ Links to abuse reporting forms ok, but forms must be in addition to
publishing email address ¤ Must be evident that abuse reports may be sent to the general postal
address being displayed, if used for abuse reporting
1. Abuse Contact Data
| 27
Replying to Requests & Reasons for Denial under Specification 4 ¤ Agreement is not explicit on when TLD must reply to requests for zone file
access
¤ Be reasonable, open and transparent ¤ Establish, publish and adhere to policy that informs end-users by when
they should reasonably expect a response
¤ ICANN inquiry forwards user complaints about pending requests
¤ Three reasons for denying access under Specification 4:
¤ Failure to satisfy credentialing requirements of Section 2.1.2
¤ Incorrect or illegitimate credentialing requirements of Section 2.1.2
¤ Reasonable belief that requestor will violate terms of Section 2.1.5
2. Zone File Access Requirements (CZDS)
| 28
Complying with Assessment Letter(s) and Approved CI Methodologies ¤ Ensure compliance with Wildcarded Controlled Interruption or Wildcarded
Second Level Domain (SLD) Controlled Interruption ¤ 4 Aug 2014 Assessment letter
¤ 12 Sep 2014 SLD Variations Letter
¤ Ensure zone files are available for ICANN review
¤ Ensure no SLDs on the SLD Block List are delegated
¤ Remove Pre-Delegation Testing (PDT) domains from zone file
3. Name Collision, Controlled Interruption
| 29
3. Name Collision, Controlled Interruption (CI)
1 TLDs delegated on or after 18 Aug 2014 ¤ No activation of names (other than nic.tld ) for 90 days after delegation ¤ The TLD chooses when to start Controlled Interruption ¤ Implement CI per Section 1 of Name-Collision Occurrence Assessment (the
“Assessment”)
2
TLDs delegated before 18 Aug 2014 and names activated other than nic.tld ¤ The TLD chooses when to start CI; meanwhile, blocking SLDs on Alternate Path to
Delegation (APD) List ¤ Once CI starts, implement per Section II of Assessment and 12 Sep 2014 SLD
Controlled Interruption Variations ¤ After CI period ends, may release APD List per Section II (c) of Assessment
3 TLDs delegated on or after 18 Aug 2014 and no names activated, other than nic.tld ¤ The TLD chooses when to start Controlled Interruption ¤ Choose whether to follow Section I or II of the Assessment ¤ Implement CI per the chosen section of the Assessment
| 30
Complying with lock and suspension requirements ¤ Within 24 hours of receiving notice of complaint from URS provider, Registry
Operators must lock the domain
¤ Restrict all changes to registration data – including transfer and deletion ¤ Registry Operator must notify the URS provider immediately upon lock
¤ Upon receipt of determination, Registry Operator immediately suspends name and redirects nameservers to Provider’ informational URS site
¤ Whois shall reflect the name is not able to be transferred, deleted or modified for the life of the registration
¤ Lock, suspension and notification requirements must be met regardless of weekends, holidays or other absences
4. Uniform Rapid Suspension (URS)
| 31
Clarifications on submitting LORDN files to the Trademark Database (TMDB) ¤ TMCH Functional Specification requires LORDN files to be submitted to
TMDB within 26 hours of effective allocation for Sunrise and Claims registrations
¤ LORDN files required for all Claims period registrations, including those occurring in Claims periods reopened by TLD a Claims period
¤ TMDB Claims period clock begins at 00:00 UTC and ends at 23:59 UTC
¤ If TLD starts/stops Claims period at alternative times, it may receive inquiries for missing Claims notices from trademark holders
5. List of Registered Domain Names (LORDN)
Policy Efforts and Updates
| 33
Actively contributing to the following Working Groups
¤ Public Interest Commitments Security Framework ¤ Registration Data Directory Service
¤ Effective 31 January 2016: Advisory on Whois Clarifications & Additional Whois Information Policy (AWIP)
Policy and Working Group Efforts
Process Guidelines and Clarifications
| 35
VS o Sent regarding an alleged area of
noncompliance o Proactive compliance monitoring (if
above applies) o Complaint from third party (upon
validation) Note: Subject line will indicate whether Notice or Inquiry
Notice Inquiry
o Information gathering is required o No known compliance violation o Proactive compliance monitoring
effort (if above applies) Note: Non-response to Inquiry may result in a Notice
Informal Resolution Process Guidelines
Escalated compliance notices apply to compliance matters that: ¤ Require immediate resolution ¤ Are a repeat of a matter that was claimed to be previously cured ¤ Are grounds for termination (e.g., insolvency, conviction, stability issue)
| 36
¤ Deadlines are generated on UTC time
¤ Due dates advance at 00:00 UTC
¤ Staff processing across 3 global hubs
¤ Notices or inquiries sent on same day may have different deadlines
Informal Resolution Process – Clarifications
| 37
NOTE: Early response allows for follow up and collaboration
¤ ICANN will generally send a follow up for: ¤ Insufficient response received before due date and time remains
¤ Insufficient response received early and ICANN review/response past due date
¤ Extension requested by contracted party by due date (with reason) ¤ Clarification requested by contracted party before due date
¤ ICANN will advance to next phase for:
¤ No response from contracted party
¤ Insufficient response received near or on due date
Informal Resolution Process – Clarifications
| 38
ICANN staff uses various contacts in the informal resolution process ¤ Registrars: 1-2-3 notices sent to designated email contacts depending on
complaint type; primary contact is also copied on 3rd notice and sent 3rd notice fax
¤ Registries: 1-2-3 notices and 3rd notice fax sent to compliance contact; primary contact and legal notice contact also copied on 3rd notice
¤ Reminder calls are made to contracted parties after 2nd and 3rd notices (if response is insufficient)
¤ Primary contact for registrars and compliance contact for registries
¤ Telephone numbers are encouraged to be direct lines (rather than general customer service lines), with voicemail
Informal Resolution Process – Contacts
Contractual Obligations Guidelines
| 40
Registry Program Scope
¤ The Registry Agreement and applicable Consensus Policies
¤ The Dispute Resolution Procedures
¤ Public Interest Commitments
¤ Community Registration Restrictions
¤ Trademark Post-Delegation
¤ Uniform Rapid Suspension
¤ The Sunrise Processes
¤ The Claims Services Processes
¤ The Audit is limited to the representations and warranties in Article 1, and
the covenants in Article 2
| 41
Selected Obligations Due Upon Signing of the RA
¤ Comply with Temporary & Consensus Policies, as applicable (Spec 1)
¤ Reserve Special Domain Names (Spec 5)
¤ Meet Interoperability/Continuity Standards(Spec 6)
¤ Implement Rights Protection Mechanisms (Spec 7)
¤ Maintain Continued Operations Instrument (Spec 8)
¤ Comply with Code of Conduct (Spec 9)
¤ Comply with Public Interest Commitments (Spec 11)
¤ Implement Community Registration Policies, as applicable (Spec 12)
¤ Pay Registry RPM Access Fees (Article 6)
¤ Comply with Name-Collision Occurrence Assessment
| 42
Selected Obligations Due Upon Delegation
¤ Ensure Daily Escrow Deposits are made and that
Escrow Agent delivers daily verification notifications (Spec 2) & Registry
notifies ICANN
¤ Submit Monthly Reports (Spec 3)
¤ Operate a WHOIS service & web-based RDDS per Spec 4
¤ Grant access to ICANN of daily Zone File (Spec 4, Section 2.3)
¤ Grant access to ICANN of weekly Thin Registration Data (Spec 4, Section 3)
¤ Maintain Registry Performance (Spec 10)
| 43
Comply with Temporary & Consensus Policies
¤ Consensus Policies are developed by the community and adopted by the
ICANN Board
¤ Temporary Policies are ICANN Board-established specifications or policies
necessary to maintain stability or security of Registrar Services, Registry
Services, DNS or Internet
| 44
Reserved Names Article 2.6 & Specification 5 of the Registry Agreement ¤ In part for Registry Operations and Marketing
¤ Other Requirements
¤ Two-character labels at the second level (unless otherwise approved by ICANN)
¤ Names on the list of Inter-governmental organizations (IGO), at the second level
¤ Names on the list of International Olympic Committee, International Red Cross & Red Crescent, at the second level
¤ Country and Territory names at all levels (and IDN variants as applicable)
| 45
Registry Interoperability & Continuity Specifications Specification 6 of the Registry Agreement ¤ Compliance with Standards: DNS, EPP, DNSSEC, IDN, IPv6, IDN Tables
¤ Comply with relevant Request For Comments (RFC) ¤ Sign the TLD zone files implementing Domain Name System Security
Extensions (“DNSSEC”) sign its TLD zone files implementing Domain Name System Security Extensions
¤ Comply with the ICANN IDN Guidelines ¤ Accept IPv6 addresses as glue records in its Registry System and publish them
in the DNS ¤ Comply with Approved Registry Services & Wildcard Prohibition ¤ Establish a Business Continuity Plan & Conduct Annual Testing ¤ Publish Abuse Contact Data & Establish Process for Malicious Use of
Orphan Glue Records ¤ Requirements about Initial & Renewal Registrations ¤ Comply with Name Collision Occurrence Management
| 46
TMCH Rights Protection Mechanisms (RPM)
Specification 7 of the Registry Agreement ¤ Comply with Trademark Clearinghouse Rights Protection Mechanisms
Requirements
¤ Comply with all dispute resolution procedures
¤ Uniform Rapid Suspension
¤ Lock domain within 24 hours of notice by URS provider and perform actions required upon notification of URS decision
¤ Registry Restriction Procedure and Trademark-Post Delegation Procedure
¤ Perform remedial actions if reporter of dispute prevails
| 47
Trademark Clearinghouse RPM Requirements Sections 2.1.1 & 2.2.4 ¤ Definition: to “Allocate” is to “designate, assign, or otherwise earmark” a
Domain Name
¤ Subject to exceptions, Registry Operator cannot Allocate name to registrant that is not a Sunrise-eligible rights holder prior to Allocation or registrations of all Sunrise-Registrations
¤ Improper Allocation occurs regardless of sunrise preemption or whether the
earmarked name was converted to a registration
Improper Allocation / Earmarking
| 48
Uniform Rapid Suspension
Specification 7 of the Registry Agreement ¤ Registry must lock domain in dispute under URS within 24 hours of receipt
of Notice of Lock from URS Provider
¤ If URS Provider submits complaint to ICANN, 1-2-3 expedited notices (24 hours each) to registry operator
¤ Registry must perform steps in Section 10.2 of URS procedure upon receipt
of URS Determination in favor of complainant
¤ ICANN enforces based on report by complainant that prevailed
| 49
Registration Restriction Dispute Resolution Procedure
Specification 7 of the Registry Agreement ¤ Comply with community registration policies per Article 2.19 and
Specification 12
¤ ICANN conducts preliminary review of complaint to ensure it is complete, has claim of non‐compliance with at least one registration restriction and that reporter is in good standing
¤ If report passes initial review, complaint is sent to Registry Operator; if dispute remains unsettled reporter may file complaint with approved Service Provider
| 50
Continued Operations Instrument (COI)
Specification 8 of the Registry Agreement ¤ COI for sufficient financial coverage of critical registry functions of Section
6 of Specification 10 (EBERO Thresholds)
¤ 6 years from effective date of Registry Agreement
¤ If terminated or not renewed, required to obtain replacement COI
¤ No amendment without ICANN approval
¤ Subject to review and/or audit to determine sufficiency based on number of domains under management
¤ EBERO agreement fee table provides guidance
| 51
COI Guidance – EBERO Agreement Fee Table https://www.icann.org/resources/pages/ebero-2013-04-02-en
| 52
Code of Conduct
Specification 9 of the Registry Agreement
¤ Provide registrars equal access to Registry Services
¤ No front-running
¤ Requirements for Registry Operators with cross-ownership
¤ Must prevent unauthorized disclosures of Personal Data by Affiliated Registrar
¤ By 20 January of each year: submit Code of Conduct Certification to ICANN signed by TLD Executive and with results of review
¤ Separate legal entities and separate accounting books
| 53
Public Interest Commitments Specification 11 of the Registry Agreement ¤ Comply with mandatory and voluntary (as applicable) commitments
¤ ICANN compliance can enforce PICs regardless of whether a PIC-DRP is filed.
¤ PIC-DRP: ICANN conducts preliminary review of complaint to ensure it is complete, has a claim of non‐compliance with at least one commitment, and that reporter is in good standing
¤ Registry and reporter have 30 days to resolve dispute; if unsettled ICANN investigates or defers to Standing Panel
¤ Standing panel has 15 days to return a decision to ICANN
¤ If reporter prevails ICANN sends notice of breach to Registry Operator and it has 30 days to cure
| 54
Clarifications ¤ Who Executes the Certification
¤ “an executive officer of the Registry Operator”
¤ What to Submit ¤ Certification of Continued Compliance with Specification 13 Status
¤ Certification of Continued Compliance with Exemption Status
¤ Specification 9 Code of Conduct
¤ If vertically integrated and no Specification 13 or Exemption Status granted
Annual Certifications
| 55
Community Registration Policies
Specification 12 of the Registry Agreement
¤ Criteria for eligibility to register names
¤ Methods for validating Community eligibility
¤ Required to be member of specified Community
¤ Procedures for resolution of disputes concerning compliance with TLD registration policies
| 56
Data Escrow Specification 2 of the Registry Agreement
¤ Daily deposits by the Registry Operator
¤ Sunday: full deposits to Data Escrow Agent by 23:59 UTC ¤ Full deposit consists of entire set of registry database objects as
defined
¤ Monday-Saturday: differential deposits by 23:59 UTC (or full deposit) ¤ Differential deposit includes all registry database objects that
have been created, deleted or updated since previous full or differential deposit
¤ Registry Operator must ensure that Data Escrow Agent sends daily status notifications to ICANN per Section 7, Part B
¤ Registry Operators also sends daily notification of deposit to ICANN per Section 7, Part A
| 57
Monthly Reports
Specification 3 of the Registry Agreement
¤ Two reports are required
¤ Registry Functions Activity
¤ Per Registrar Transaction Report
¤ Registry Operator must provide one set per TLD, using API described in draft–lozano-icann-registry-interfaces, see Specification 2, Part A, Section 9, reference 5
¤ Reports are required to be uploaded by 20th day of month for any prior month TLD is delegated
¤ Even if TLD is delegated on last day of the month (e.g., TLD delegated 31 May, May reports must be uploaded by 20 June)
| 58
WHOIS Service & RDDS
Specification 4, Section 1 of the Registry Agreement
¤ Operate a Whois service
¤ Operate a web-based Registration Data Directory Service
¤ 31 January 2016 effective date for both Additional Whois Information Policy (AWIP) and Whois Advisory has been announced (https://www.icann.org/news/announcement-2015-04-27-en)
| 59
Zone File Access
Specification 4, Section 2 of the Registry Agreement
¤ Must provide to ICANN, bulk access to the zone files by 00:00:00 UTC
¤ Must provide zone data to end users who request it through the Centralized Zone Data Service (CZDS)
| 60
Weekly Access to Thin Registration Data
Specification 4, Section 3 of the Registry Agreement
¤ Must provide to ICANN, bulk access on the day of the week specified by ICANN during onboarding via the Onboarding Information Request (ONBIR)
| 61
Maintain Registry Performance
Specification 10 of the Registry Agreement
¤ Meet the service level outlined in the Service Level Agreement matrix of Specification 10
¤ Maintain records for a period of at least one year
| 62
Fees
Article 6 of the Registry Agreement
¤ Fees payable to ICANN are outlined in Article 6 of the Registry Agreement
¤ Invoiced to Registry Operator by ICANN Accounting department
¤ When fees are 30+ days past due and ICANN Accounting has exhausted attempts to obtain payment, past due fees are referred to ICANN Compliance
¤ Upon receipt of an ICANN Compliance fees notice:
¤ Respond to the Compliance notice by due date (whether payment has been made)
¤ Make payment to ICANN Accounting